HAcker plundered about $ 100 million from the so-called cryptocurrency bridge, re-examining key vulnerabilities in the digital asset ecosystem. ..
BlockchainHarmonyis aTweethacking the Horizon Bridge that allows people to exchange coins between different blockchains on Thursday morning. Said that. "We have begun working with national authorities and forensic experts to identify the perpetrators and recover the stolen funds."
1 / The Harmony team confirmed the theft that occurred at the Horizon Bridge this morning. 100 million dollars. Working with state authorities and forensic experts, we have begun to identify the perpetrators and recover the stolen funds.
Others
— Harmony (@harmonyprotocol)June 23, 2022
Most of the crypto world is a silo Divided into: For example, Bitcoin andEthereumnetworks can only work with Bitcoin and Ethereum tokens. As more cryptocurrencies are adopted and traders demand the ability to interact seamlessly with each other, projects like Harmony have created a platform called a bridge that can accept different tokens and move fluidly between blockchains. I am developing.
Read more: The man behind Ethereum is worried about Crypto's future
But , The bridge is especially vulnerable to hacking. Their technology is complex and often run by an anonymous team. It is often unclear how they protect their funds. Sophisticated hackers have repeatedly targeted them.
According to CoinGecko, Harmony's native ONE tokens used to pay transaction fees, earn rewards and vote for platform changes have fallen by 12% in the last 24 hours. According to its website, the underlying harmony blockchain totals over $ 1 billion.
It wasn't immediately clear if the user's money was stolen.
"Private Key Infringement"
Attack on Horizon, which provides cross-chain transfer between Ethereum and Binance's smart chains, is the third major bridge hack of the year. Mark In February, hackers stole more than $ 300 millionfrom the Wormhall Bridgeand a month later from the Ronin Bridge$ 620 million.
Chainalysis researchers estimate that over $ 1 billion was stolen from the bridge, even before the Horizon hack. In the case of
Horizon, "theft seems to have been caused by a private key breach," said Xuxian Jiang, chief executive officer of security company PeckShield, who was sought support by Harmony. I am. Harmony did not immediately respond to the request for comment. The
Holizen Bridge is managed and protected by four wallets, from at least two wallets (each supported by multiple signatures) to validate and execute transactions. Authentication is required. On this occasion, Jiang said the attacker was able to compromise the personal information needed to access these wallets and trigger a transaction to withdraw assets from the Horizontal Bridge to an external wallet.
Hackers have escaped using cryptocurrencies such as Ether, BNB, stable coins Tether, USDC, and DAI, Elliptic researchers said in a tweetthese. Tokens are exchanged for what Elliptic called "a technique commonly found in these hacks" that was exchanged for Ether using the so-called distributed type.
Ronin Hack
Horizon uses a security mechanism similar to that used by the Ronin Bridge to the popular blockchain game Axie Infinity. It is linked. With this mechanism, 5 out of 9 verifiers are the time it was hacked. According to the website, Harmony is popular in blockchain games like Mars Colony and Defi Kingdom.
After theRonin attackcaused by a North Korean hacker group, owner Sky Mavis has significantly increased the number of verifiers required to approve a transaction. 100.
Read more: Bitcoin will appear in 401 (k). But your employer probably won't let you invest
Thursday's attack on the Horizon Bridge is associated with five user wallets on the Harmony network in January. Following theexploit. According to the company, the thief sucked up 19,314,598 ONE tokens, which was worth about $ 5.8 million at the time.
The amount locked to the bridge connected to the Ethereum blockchain has decreased by60%over the last 30 days to less than $ 12 billion per tracker Dune. This is due to the downturn in the crypto market and the liquidity concerns surrounding some large crypto players such as Celsius Network, Babel Finance, Three Arrows Capital and Voyager Digital.
(Updated to add context to the whole from the third paragraph)
– SuvashreeGhoshandTanzeelAkhtar With the support of
ContactLetters@time.com
